CVE-2009-0775

critical

Description

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

References

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806

https://bugzilla.mozilla.org/show_bug.cgi?id=474456

http://www.vupen.com/english/advisories/2009/0632

http://www.securitytracker.com/id?1021796

http://www.securityfocus.com/bid/33990

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0258.html

http://www.mozilla.org/security/announce/2009/mfsa2009-08.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.debian.org/security/2009/dsa-1751

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://secunia.com/advisories/34417

http://secunia.com/advisories/34383

http://secunia.com/advisories/34324

http://secunia.com/advisories/34272

http://secunia.com/advisories/34145

http://secunia.com/advisories/34140

http://secunia.com/advisories/34137

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

Details

Source: Mitre, NVD

Published: 2009-03-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical